Crater
CVEs (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55556 | Crater | Critical | 0.74 | 9.8 | 0.44 | | Jan 7, 2025 | A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The… |
| CVE-2023-46865 | Crater | High | 0.48 | 7.2 | 0.20 | | Oct 30, 2023 | /api/v1/company/upload-logo in CompanyController.php in crater through 6.0.6 allows a superadmin to execute arbitrary PHP code by placing this code into an image/png IDAT chunk of a Company Logo image. |
| CVE-2022-1032 | Crater | High | 0.00 | 7.2 | 0.02 | | Mar 29, 2022 | Insecure deserialization of a non-validated module file in GitHub repository crater-invoice/crater prior to 6.0.6. |
| CVE-2022-1033 | Crater | High | 0.00 | 7.8 | 0.01 | | Mar 23, 2022 | Unrestricted Upload of File with Dangerous Type in GitHub repository crater-invoice/crater prior to 6.0.6. |
| CVE-2022-0515 | Crater | Medium | 0.00 | 4.3 | 0.00 | | Mar 21, 2022 | Cross-Site Request Forgery (CSRF) in GitHub repository crater-invoice/crater prior to 6.0.4. |
| CVE-2022-0514 | Crater | Medium | 0.00 | 6.5 | 0.01 | | Mar 21, 2022 | Business Logic Errors in GitHub repository crater-invoice/crater prior to 6.0.5. |